Wordpress Contact Form 1.3 Update
We’re using the Wordpress WP-ContactForm plugin by Ryan Duff and Firas Durri on some of our sites. During the past few weeks, there has been an increasing volume of attempted spam e-mail through the contact form. The latest update (1.3) has additional validation on the form input to prevent the injection of MIME enclosures, additional mail header fields, etc.
Here’s a recent discussion thread on the Wordpress support forum. Firas says:
For those curious, the spamming/attaching is done via injecting extra headers alongwith the ‘From’ field. It’s not done using the actual html interface, but via other agents posting to the script.
The update announcement is here; the latest version is available on the plugin project page.
If you’re running an earlier version of the Wordpress Contact Form plugin, this update should block the latest round of spam agents attempting to abuse the older version.
Tags: wordpress, spam, blogging
September 14th, 2005 at 9:04 pm
You might have already seen the spam being generated from our contact form on www.kuppam.in . Will this fix help and have you updated the plug in already?
I have just started at yahoo and will let you know about my contact details.